x509.go

   1 /*
   2 ucspi -- UCSPI-related utilities
   3 Copyright (C) 2021-2022 Sergey Matveev <stargrave@stargrave.org>
   4
   5 This program is free software: you can redistribute it and/or modify
   6 it under the terms of the GNU General Public License as published by
   7 the Free Software Foundation, version 3 of the License.
   8
   9 This program is distributed in the hope that it will be useful,
  10 but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 GNU General Public License for more details.
  13
  14 You should have received a copy of the GNU General Public License
  15 along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16 */
  17
  18 package ucspi
  19
  20 import (
  21         "crypto/x509"
  22         "encoding/pem"
  23         "errors"
  24         "io/ioutil"
  25 )
  26
  27 func CertificateFromFile(p string) (b []byte, c *x509.Certificate, err error) {
  28         var data []byte
  29         data, err = ioutil.ReadFile(p)
  30         if err != nil {
  31                 return
  32         }
  33         var block *pem.Block
  34         for len(data) > 0 {
  35                 block, data = pem.Decode(data)
  36                 if block == nil {
  37                         continue
  38                 }
  39                 if block.Type == "CERTIFICATE" {
  40                         b = block.Bytes
  41                         c, err = x509.ParseCertificate(b)
  42                         return
  43                 }
  44         }
  45         err = errors.New("no CERTIFICATE found in PEM")
  46         return
  47 }
  48
  49 func PrivateKeyFromFile(p string) (prv interface{}, err error) {
  50         var data []byte
  51         data, err = ioutil.ReadFile(p)
  52         if err != nil {
  53                 return
  54         }
  55         var block *pem.Block
  56         for len(data) > 0 {
  57                 block, data = pem.Decode(data)
  58                 if block == nil {
  59                         continue
  60                 }
  61                 switch block.Type {
  62                 case "PRIVATE KEY":
  63                         prv, err = x509.ParsePKCS8PrivateKey(block.Bytes)
  64                         return
  65                 case "EC PRIVATE KEY":
  66                         prv, err = x509.ParseECPrivateKey(block.Bytes)
  67                         return
  68                 }
  69         }
  70         err = errors.New("no PRIVATE KEY found in PEM")
  71         return
  72 }
  73
  74 func CertPoolFromFile(p string) (certs []*x509.Certificate, pool *x509.CertPool, err error) {
  75         var data []byte
  76         data, err = ioutil.ReadFile(p)
  77         if err != nil {
  78                 return
  79         }
  80         pool = x509.NewCertPool()
  81         var block *pem.Block
  82         for len(data) > 0 {
  83                 block, data = pem.Decode(data)
  84                 if block == nil {
  85                         err = errors.New("can not decode PEM")
  86                         return
  87                 }
  88                 if block.Type != "CERTIFICATE" {
  89                         err = errors.New("non CERTIFICATE found in PEM")
  90                         return
  91                 }
  92                 var ca *x509.Certificate
  93                 ca, err = x509.ParseCertificate(block.Bytes)
  94                 if err != nil {
  95                         return
  96                 }
  97                 certs = append(certs, ca)
  98                 pool.AddCert(ca)
  99         }
 100         return
 101 }